Shield your agents
Scan inputs and outputs, detect and vault PII, enforce safety policies, and generate compliance reports — tenant-scoped, plugin-extensible, and Forge-native.
go get github.com/xraph/shieldEverything you need for AI safety
Shield handles the hard parts — safety scanning, PII detection, policy governance, and compliance reporting — so you can focus on your application.
Layered Safety Engine
Six cognitive layers from instincts to reflexes. Shield processes every input through a composable pipeline of safety checks, each layer building on the last.
result, err := engine.Scan(ctx, shield.ScanInput{ Content: "Process this request...", Direction: shield.DirectionInput, Source: "chat-agent", })"text-fd-muted-foreground/60 italic">// result.Safe=true layers=6PII Detection & Vault
Detect, redact, and vault PII with AES-256-GCM encryption. Sensitive data is identified, tokenized, and stored securely with reversible access controls.
result, err := engine.DetectPII(ctx, shield.PIIInput{ Content: "Email john@example.com, SSN 123-45-6789", })"text-fd-muted-foreground/60 italic">// result.Entities=[email, ssn]"text-fd-muted-foreground/60 italic">// result.Redacted="Email [REDACTED], SSN [REDACTED]"Multi-Tenant Isolation
Every scan, policy evaluation, and audit record is scoped to a tenant via context. Cross-tenant access is structurally impossible.
ctx = shield.WithTenant(ctx, "tenant-1")ctx = shield.WithApp(ctx, "myapp") "text-fd-muted-foreground/60 italic">// All scans and policy evaluations are"text-fd-muted-foreground/60 italic">// automatically scoped to tenant-1Plugin System
15 lifecycle hooks for metrics, audit trails, and tracing. Wire in custom logic at every stage of the safety pipeline without modifying engine code.
func (p *MetricsPlugin) OnScanCompleted( ctx context.Context, input shield.ScanInput, result shield.ScanResult,) { metrics.Inc("shield.scans.total") metrics.Observe("shield.scan.duration", result.Elapsed)}Safety Profiles
Compose instincts, awareness, boundaries, values, judgment, and reflexes into reusable safety profiles. Switch profiles per tenant, agent, or environment.
p := profile.New("strict", profile.WithInstincts(instinct.BlockInjection()), profile.WithAwareness(awareness.DetectPII()), profile.WithBoundaries(boundary.RateLimit(100)), profile.WithValues(values.NoHarm()), profile.WithJudgment(judgment.Threshold(0.95)), profile.WithReflexes(reflex.AutoBlock()),)Compliance Reporting
Generate compliance reports for EU AI Act, NIST AI RMF, and SOC2. Automated evidence collection from scan results, policy evaluations, and audit trails.
report, _ := engine.GenerateReport(ctx, shield.ReportInput{ Framework: shield.FrameworkEUAIAct, Period: "2025-Q1", TenantID: "tenant-1", IncludeEvidence: true, })"text-fd-muted-foreground/60 italic">// report.Score=94 controls=23 findings=2From input to safe output.
Shield orchestrates the entire safety lifecycle — instinct checks, awareness detection, boundary enforcement, value alignment, judgment scoring, and reflex actions.
Short-Circuit Execution
Safety layers can short-circuit the pipeline early. If instincts detect a prompt injection, the scan terminates immediately without invoking downstream layers — minimizing latency and maximizing protection.
Composable Safety Profiles
Mix and match instincts, awareness detectors, boundaries, values, judgment strategies, and reflexes into reusable profiles. Switch profiles per tenant, agent, or deployment environment.
Plugin Lifecycle Hooks
OnScanCompleted, OnPolicyViolation, and 13 other lifecycle events. Wire in metrics, audit trails, or custom processing logic without modifying engine code.
Simple API. Powerful safety.
Scan AI agent inputs and outputs through six safety layers in under 20 lines. Shield handles the rest.
1package main2 3import (4 "context"5 "log/slog"6 7 "github.com/xraph/shield"8 "github.com/xraph/shield/profile"9 "github.com/xraph/shield/store/memory"10)11 12func main() {13 ctx := context.Background()14 15 engine, _ := shield.NewEngine(16 shield.WithStore(memory.New()),17 shield.WithProfile(profile.Default()),18 shield.WithLogger(slog.Default()),19 )20 21 ctx = shield.WithTenant(ctx, "tenant-1")22 ctx = shield.WithApp(ctx, "myapp")23 24 "text-fd-muted-foreground/60 italic">// Scan an AI agent's input through safety layers25 result, _ := engine.Scan(ctx,26 shield.ScanInput{27 Content: "Process this user request...",28 Direction: shield.DirectionInput,29 Source: "chat-agent",30 })31 "text-fd-muted-foreground/60 italic">// result.Safe=true layers=6 elapsed=12ms32}1package main2 3import (4 "context"5 "log/slog"6 7 "github.com/xraph/shield"8)9 10"text-fd-muted-foreground/60 italic">// Implement a custom plugin for audit trails11type AuditPlugin struct {12 logger *slog.Logger13}14 15func (p *AuditPlugin) OnScanCompleted(16 ctx context.Context,17 input shield.ScanInput,18 result shield.ScanResult,19) {20 p.logger.Info("scan completed",21 "safe", result.Safe,22 "layers", len(result.LayerResults),23 "pii_detected", result.PIICount,24 "tenant", shield.TenantFromCtx(ctx),25 )26}27 28func (p *AuditPlugin) OnPolicyViolation(29 ctx context.Context,30 violation shield.PolicyViolation,31) {32 p.logger.Warn("policy violation",33 "policy", violation.PolicyID,34 "severity", violation.Severity,35 )36}Start building with Shield
Add production-grade AI safety and governance to your Go service in minutes. Shield handles safety scanning, PII detection, policy evaluation, and compliance reporting out of the box.
go get github.com/xraph/shield